# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is auto generated by the elixir code generator program.
# Do not edit this file manually.

defmodule GoogleApi.Compute.V1.Model.SecuritySettings do
  @moduledoc """
  The authentication and authorization settings for a BackendService.

  ## Attributes

  *   `awsV4Authentication` (*type:* `GoogleApi.Compute.V1.Model.AWSV4Signature.t`, *default:* `nil`) - The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.
  *   `clientTlsPolicy` (*type:* `String.t`, *default:* `nil`) - Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.
  *   `subjectAltNames` (*type:* `list(String.t)`, *default:* `nil`) - Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
  """

  use GoogleApi.Gax.ModelBase

  @type t :: %__MODULE__{
          :awsV4Authentication => GoogleApi.Compute.V1.Model.AWSV4Signature.t() | nil,
          :clientTlsPolicy => String.t() | nil,
          :subjectAltNames => list(String.t()) | nil
        }

  field(:awsV4Authentication, as: GoogleApi.Compute.V1.Model.AWSV4Signature)
  field(:clientTlsPolicy)
  field(:subjectAltNames, type: :list)
end

defimpl Poison.Decoder, for: GoogleApi.Compute.V1.Model.SecuritySettings do
  def decode(value, options) do
    GoogleApi.Compute.V1.Model.SecuritySettings.decode(value, options)
  end
end

defimpl Poison.Encoder, for: GoogleApi.Compute.V1.Model.SecuritySettings do
  def encode(value, options) do
    GoogleApi.Gax.ModelBase.encode(value, options)
  end
end
